We are having issues in our labs where students set the magnifier and a few other settings intentionally to make the system almost unusable. I was thinking about controlling this activity, but disabling it will not solve that issue because there might be people who really need and this also eliminates the options of disabling it at the screen and enabling it back again through console.

So I was really wondering can we attach some kind of authentication to this in anyway, so that a lab admin can give access to the person who needs to use this option. Or even better is there a way to set it or disable it through the command prompt. Keep in mind I am using Ubuntu 10.04.

1 Answer
1

I guess the main issue here (past all the social nonsense) is one user can affect another. This is a technical situation that Linux has been fairly good at preventing for a fairly long time. The fact this is a problem suggests to me that you're not actually providing these people with their own logins, going for a single-user method.

That's a major issue in itself because people using browsers aren't getting the privacy or security they might expect. People can run things in that shared user that log keystokes, monitors browsers, etc. Not good stuff.

So break things out. Get a LDAP-style system in place so every user has their own account. Make the computers refresh from a central ISO. User files stored in a central place too. It's hard work but it's infinitely better than what you've got.

By this point you're in a situation where no one (non-admin) user can affect another user.

Past this if people want to muck up their own sessions, you have to explore the behaviour that leads to all this. People are vandalising the lab equipment and you need to address that lack of respect.

A few suggestions:

Log common commands that cause issues (easy with a wrapper script). For instance it should be posible to log the start of the accessibility applications to a central server so that you know who is loading it and when they're doing it.

Charge people to fix deliberate breaks.

Stick up a couple of cheapy webcams in labs to corroborate logs.

You don't need to get 1984 on your users but they need to know the limits.